
CN101008969A - Information processing device and input operation device - Google Patents

Publication number: CN101008969A
Authority: CN (China)
Prior art keywords: data, input operation, section, input, information
Legal status: Pending
Application number: CNA2007100057298A
Other languages: Chinese (zh)
Inventor: 向川聪
Current Assignee: Fujitsu Ltd
Original Assignee: Fujitsu Ltd
Application filed by: Fujitsu Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/83 Protecting input, output or interconnection devices; input devices, e.g. keyboards, mice or controllers thereof
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)
  • Input From Keyboards Or The Like (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

Leakage of personal information in an apparatus is prevented to protect security thereof. The apparatus (10) includes an input operation section (20) by which an operator can carry out a predetermined input operation, and a control section (30) for performing prescribed control on the input operation section (20). The input operation section (20) serves to perform data transmission to an external device (50) which is provided outside the apparatus (10). The input operation section (20) is characterized in that it is provided with a cipher module (24) for encrypting prescribed data which is input through the input operation section (20), and a transmission section (26) for transmitting data encrypted by the cipher module (24) to the external device (50).

Description

Information processing device and input operation device
This application is a divisional application of the invention patent application No. 02102012.4, filed on January 15, 2002 and entitled "Information processing device and input operation device".
Field of the invention
The present invention relates to a device having an input operation part and a control part, and more specifically to a device with high security that is used as a terminal or the like through which an input operation can be performed, for example in equipment such as a banking terminal or various ticket machines.
Description of related art
In equipment such as banking terminals and various ticket machines, a device is used in which the user or operator operates a screen such as a touch panel, on which buttons or a pointer are displayed, by actually touching the screen. In some cases the operator's confidential personal information, such as a personal identification number or a credit card number, is entered through this device. Such a device comprises an input operation part and a device control part, which are usually not integrated with each other but are interconnected by a cable or the like.
Fig. 9 is a block diagram depicting part of such a device, or part of a known system that includes such a device, whose security is considered reliable. The figure shows a system comprising a device 1 and an external unit or device 5, connected by a dedicated line or a leased line 7 of a public telecommunications carrier. Device 1 comprises an input operation part 2, a device control part 3 and another internal unit 6, and the shaded portion of the figure indicates the part whose security is considered reliable. Accordingly, data transmission from input operation part 2 to control part 3, and from control part 3 to internal unit 6, is carried out in plaintext. Likewise, data transmission between control part 3 and external unit 5 over the leased line 7 of the public telecommunications carrier is also carried out in plaintext.
In recent years, however, interception equipment has improved in performance, and there are cases in which a malicious person may pose as a service worker or a maintenance attendant of device 1 and carry out unauthorized or illegal acts, so the system described above cannot necessarily be said to maintain satisfactory security. The danger that identity or personal information, such as a personal identification number entered on the touch panel of device 1, may be leaked is therefore steadily increasing. To counter such eavesdropping and illegal acts, the security inside the device must be improved. At present, banking terminals, various ticket machines and similar devices are installed at many different locations, and at many of these locations the terminals and machines are unattended. Moreover, the operating hours of such terminals and machines tend to be extended to 24 hours, or from early morning to midnight, so a high level of security is needed to prevent identity or confidential personal information from leaking from the device.
As techniques for maintaining the security of such a device, methods have been proposed that prevent the above confidential information from being leaked through someone watching the screen (peeping) or through an analysis of the operation, as disclosed in Japanese Patent Application Laid-Open Nos. 9-54862 and 2000-20468. In these methods, however, the positions of the on-screen options and the keyboard layout change at each operation, which hinders the operator's familiarity and convenience.
Furthermore, as a simple way of ensuring security for input performed through the touch panel or the like of device 1, one can consider a method that encrypts and transmits the coordinate data pressed on the touch panel without any other processing, as shown in Fig. 10. In this method, coordinate data entered through input operation part 2, for example (2,7), is encrypted as "eeff" by a crypto module 4 of input operation part 2, and the encrypted coordinate data "ee" is then transmitted to control part 3 (step S1). Control part 3, on receiving the data, must decrypt the encrypted coordinate data and convert it, according to the screen configuration, into a digit or character, or into data indicating an instruction. In this example, the received data is converted into the numeric character "4". It is then judged whether the numeric character "4" is data that should be encrypted for transmission to external unit 5. If it is judged to be data requiring encryption, the numeric character "4" is encrypted into an encrypted message "0dff", which is then sent to external unit 5 (step S2). If, on the other hand, the numeric character "4" is judged to be data that should not be encrypted, it undergoes ordinary processing: the numeric character "4" is processed as is in control part 3, or the unencrypted raw data is sent as is to external unit 5 (step S3).
In this method, however, control part 3 analyzes the data, so ensuring the security of control part 3 and providing an eavesdropping prevention mechanism (unauthorized behavior prevention device) become critical. In addition, because control part 3 performs encryption and decryption, an encryption-decryption module (crypto module 4) must be provided to control part 3 as well, separately from or outside input operation part 2. Furthermore, because general control data that does not need encryption is also encrypted and sent from input operation part 2, the amount of processing increases owing to decryption, which increases the load on device 1.
Summary of the invention
The present invention was made in view of the circumstances described above. Its object is to provide an information processing device that can send information to another external device in a secure manner while ensuring the security of confidential personal information inside the device.
To solve the above problems, according to a first aspect of the present invention there is provided an information processing device comprising an input operation part, through which an operator enters an input, and a control part for performing prescribed control on the input operation part. The input operation part comprises: an encryption judging part for picking out, from the data entered through the input operation part, the data to be encrypted; an encryption part for encrypting the data to be encrypted according to the result of the encryption judgment; and a transmission part for transmitting the encrypted and plaintext data. The control part performs processing according to the content of the plaintext data received from the input operation part, and sends the encrypted data received from the input operation part to a device having a decryption function. Such an information processing device can be applied, for example, to equipment such as financial or banking system terminals and various ticket machines. Note that in this application the device having a decryption function and the external device are equivalent.
In a preferred form of the first aspect of the present invention, the input operation part has an input operation screen, and the judging part judges whether the input data should be encrypted according to whether the coordinate or position pressed on the input operation screen lies within a predetermined range. With this structure, for example, if the input operation screen is a touch-panel screen and the coordinate range or position pressed by the operator lies in a numeric character area that requires security, the encryption part encrypts the data entered by the operator; conversely, when the coordinate range or position pressed by the operator lies in an input area that does not require security, such as one for "cancel" or "confirm", the input data is not encrypted. In this way, the data entered by the user or operator can be processed or encrypted in the form that best suits the data processing.
In another preferred form of the first aspect of the present invention, the encryption part converts data entered in at least one of a predetermined coordinate range and a predetermined coordinate position on the input operation screen into data information associated with that coordinate range or position, and encrypts the converted data using a predetermined key. Specifically, as in the case above, when the input operation screen is a touch-panel screen and the coordinate range or position pressed by the operator corresponds to a numeric character area, the encryption part converts the data entered by the operator into the corresponding numeric character. When the converted numeric character requires security, it is then encrypted. It thus becomes possible to use the various data entered through the input operation part by converting it into suitable data information, and to ensure security reliably by further encrypting the input data selectively.
In another preferred form of the present invention, the information processing device further comprises a setting part for dynamically receiving information from an external device and setting information about a predetermined coordinate range or position on the input operation screen, and the encryption judging part judges whether the input data is to be encrypted according to whether the coordinate pressed on the input operation screen lies within the predetermined range or position set by the setting part. With this structure, for example, when the input operation screen is a touch-panel screen, information about the coordinate range or position, such as layout or type information for the touch screen, can be received from the external device so that the screen setting takes effect according to the received data, making it possible to display the touch panel in various patterns. In addition, by making the encryption judgment according to this layout information, encryption can be performed efficiently for the various patterns.
In a preferred form of the first aspect of the present invention, the information processing device further comprises a setting part for dynamically receiving from an external device, and setting, data configuration information that is used to convert data entered in at least one of a predetermined coordinate range and a predetermined coordinate position on the input operation screen into data information associated with that coordinate range or position. The encryption part converts the data entered in at least one of the predetermined coordinate range and the predetermined coordinate position on the input operation screen into the data information associated with that coordinate range or position, according to the data configuration information set by the setting part, and encrypts the converted data using a predetermined key. In particular, in the fourth embodiment of the present invention, the data configuration information includes coordinate information (Fig. 5) representing the correspondence between a coordinate range and an associated data code. The encryption part (the data processing part in this embodiment) uses this coordinate information to convert the data entered from the touch panel into the associated data code and encrypt it.
With this structure, various data can be assigned to the coordinate ranges or positions of the input operation part, so that where a device requires security the input operation screen can be set up for many different conditions. In addition, encryption is performed according to this setting, so the device of the present invention has a high degree of flexibility and can provide security superior to the prior art.
According to a second aspect of the present invention, there is provided an input operation device that has an input operation screen and supplies information entered by an operator through the input operation screen to an information processing device connected to it. The input operation device comprises: a setting part for setting information about a predetermined coordinate range or position on the input operation screen, and data configuration information used to convert the data entered in that predetermined coordinate range or position into data information associated with the coordinate range or position; an encryption judging part for judging whether the input data should be encrypted according to whether the coordinate pressed on the input operation screen lies within the predetermined coordinate range or position set by the setting part; an encryption part for converting the input data that the encryption judging part has determined should be encrypted into the data information associated with the coordinate range or position, according to the data configuration information set by the setting part, and encrypting the converted data using a predetermined key; and a transmission part for sending both the encrypted and the unencrypted data to the connected information processing device. By providing such an input operation device in machines that require security, such as financial or banking systems and various ticket machines, the security of these systems and machines is strengthened and information leakage is prevented.
According to a third aspect of the present invention, there is provided an information processing device equipped with an input operation part, through which an operator keys in an input, and a control part for performing prescribed control on the input operation part. The input operation part comprises: a comparing part for comparing the specified data that is entered with specified data held in the input operation part; and a transmission part for sending the result of the comparison made by the comparing part to the control part. The control part sends the received comparison result to another device. In a preferred embodiment of the present invention, comparison data for comparing and verifying a membership identification number or similar information is stored in advance in an internal memory of the input operation part, and when a user enters a membership identification number through, for example, the touch panel, the input operation part compares the comparison data with the membership identification number entered by the user to judge whether the user is registered as a member.
With this structure, the identification or personal information that the user enters into the device is not leaked to the outside, so security can be ensured. In addition, because the input operation part can judge whether the input data should be encrypted, encryption and decryption no longer need to be performed in the control part, which reduces the encryption and decryption processing performed inside the device. As a result, the load on the device is also reduced.
According to a fourth aspect of the present invention, there is provided an information processing device equipped with an input operation part, through which an operator keys in an input, and a control part for performing prescribed control on the input operation part. The input operation part comprises: a detecting part for detecting an input operation that enters specified data; an encryption part for encrypting the specified data; and a transmission part for sending the detection result of the detecting part and the data encrypted by the encryption part to the control part. The control part controls the input operation part according to the received detection result, and sends the received encrypted data to a device having a decryption function. For example, when a personal identification number is entered into a terminal of, say, a banking facility, the entered number itself is usually not shown on the screen; instead, each time a character is entered, only a symbol or mark (for example " ") indicating that an input was made is displayed. In this case, in the prior art, the input operation part encrypts the coordinate data pressed by the user and sends it to the control part, and the control part then detects the input operation and controls the display screen. In one embodiment of the present invention, by contrast, the input operation is detected by the input operation part, and only the fact that a personal identification number input operation occurred is then notified to the control part, so that the control part can control the display screen. In addition, when all the numeric characters of the personal identification number have been entered, the whole personal identification number is encrypted and sent to the control part. As a result, the time and trouble of encryption can be saved, and security can also be enhanced compared with the prior art.
Brief description of the drawings
Fig. 1 is a block diagram schematically depicting the basic structure of an information processing device according to a first embodiment of the present invention and a basic security assurance technique.
Fig. 2 is a block diagram depicting the basic structure of the information processing device according to the second to fourth embodiments of the present invention.
Fig. 3 shows a display example of a touch-panel input screen.
Fig. 4 is a flowchart depicting the encryption processing in the second embodiment.
Fig. 5 is an example of coordinate ranges that require security and the associated data corresponding to those ranges.
Fig. 6 is a flowchart depicting the membership identification number input processing in the third embodiment.
Fig. 7(a) shows an example of an input screen displayed in the third and fourth embodiments.
Figs. 7(b), 7(c) and 7(d) show, for the second embodiment, examples of information patterns that record coordinate ranges and the associated data codes corresponding to those coordinate ranges.
Fig. 8 is a flowchart depicting the details of the encryption key input processing in the fourth embodiment.
Fig. 9 is a block diagram depicting the part whose security is considered guaranteed.
Fig. 10 is a block diagram depicting a technique for encrypting and transmitting the coordinate data pressed on a touch panel.
Description of the preferred embodiments
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Embodiment 1
Fig. 1 is a block diagram schematically depicting an information processing device according to the first embodiment of the present invention and a basic security assurance technique. The description below uses the same data as in Fig. 10 so that it can be compared with the technique described with reference to Fig. 10. Corresponding to device 1 of Fig. 10, in this figure a device 10 comprises an input operation part 20 and a control part 30, and device 10 is connected to an external unit or device 50.
In the security assurance technique of the present invention, when coordinate data, for example (2,7), is entered through a touch panel or the like in input operation part 20, the input data, that is, the pressed coordinate (2,7), is converted into associated data. The associated data referred to here is the character displayed at the pressed coordinate on the touch panel or similar device, such as a numeric character or a symbol. Suppose here that the associated data is the numeric character "4"; input operation part 20 judges whether this numeric character "4" is data that should be encrypted. When the judgment is affirmative, the numeric character "4" is encrypted by crypto module 24 of input operation part 20 into a corresponding encrypted message "0dff", and the encrypted message "0dff" is then sent to control part 30 (step S1a). When the data received by control part 30 is an encrypted message, it is not processed in control part 30; the received encrypted message "0dff" is sent as is to external device 50 (step S1b).
Similarly, when coordinate data (2,7) is entered through input operation part 20, it is judged whether the pressed coordinate (2,7) is converted into associated data that needs encryption. When it is judged that the data does not need encryption (the data can be communicated in so-called plaintext), the coordinate data (2,7) is sent as is, in plaintext, to control part 30 (step S2a), where it undergoes ordinary processing (step S2b).
Even where security cannot be guaranteed in the manner of device 1 depicted in Fig. 9, in which the whole device, or input operation part 2 integrated with control part 3, serves as an unauthorized or illegal act prevention device, or even where input operation part 2 is physically separated from the equipment that requires security, with the above technique of the present invention as shown in this embodiment control part 3 needs only the function of distinguishing encrypted data from other data, and crypto module 4 need not be provided, so security can be ensured in a simple manner.
Embodiment 2
Fig. 2 is a block diagram, has described the essential structure according to the signal conditioning package of one second embodiment of the present invention.As shown in the drawing, one is installed 10 first-class as a banking terminal, multiple ticket machine, comprises that one is used to control a user's input operation and carries out data encryption and the input operation part of transmission 20 and a control part 30 that is used to control whole device 10 and transmits data to 40 or external units of an equipment (as security module) 50 of guaranteeing security.Equipment 40 can be similar IC-card etc.
Input operation part 20 comprises an input part 21, as a touch panel; An input part controller 22 that is used to control the input operation of input part 21, and reception from the input data of input part controller 22, coordinate data is converted to specified data and purpose is encoded to coordinate data or the data processing division 23 of piecemeal (block) for encrypting.Input operation part 20 comprises that 24, one of a crypto module that are used to encrypt the data that receive from data processing division 23 is used to preserve the internal storage 25 of various data and one and is used for the transport part 26. that transmits and receive data back and forth with control part 30
Control part 30 comprises that is used for a transport part 31 that transmits and receive data back and forth with input operation part 20, security module 40 and external unit 50, a data-switching portion 32 that is used for the coordinate data that transport part 31 is received is converted to specified data, and a display control unit 33 that is used to control a screen of input part 21.
In addition, it should be noted that the dash area that comprises input operation part 20 and other parts in Fig. 2 is assumed to be a guaranteed module of security (unauthorized behavior prevention apparatus).
Fig. 3 is a demonstration example by the touch panel type entr screen of display control unit 33 controls.A dash area in this figure is represented a digital character zone 21a, and it is touched by the user of information such as an input person identfication number sign indicating number, amount, and for the data in the 21a input of numerical character zone, security is guaranteed.And then, screen also comprises a regional 21b except numerical character zone or safety zone 21a, in this zone, show that at a user's input operation a predetermined character is as " " or similar character, so that the user can confirm his or her input operation; A regional 21c, in this zone, the user can cancel his or her input operation; And a regional 21d, in this zone, the user can key in or the his or her input operation of retry again.
Below, with reference to based on the encryption details of above-mentioned configuration and use the process flow diagram of Fig. 4.In the present embodiment, an example will be described, one of them user carries out an input operation,, a personal-machine confidential information, promptly the person identfication number sign indicating number of a four figures is imported into device 10, and so the data of input are not further processed, and perhaps encrypts by coding or piecemeal (grouping), be sent to external unit 50 or security module 40 then, it is a unauthorized or illegal act prevention apparatus.
At first, the screen of being painted in display control unit 33 displayed map 3 of the control part 30 in device 10 (step 400).In addition, about the information of the coordinate range (21a) that requires security on Fig. 3 screen is dynamically to receive and as data notification from external unit 50 separately, and the regulation (designation) of coordinate range and related data code thereof is set up (step S401).Related data is in this case supposed to be respectively numerical character for the time being.For example, (10-20 is when 20-40) clicked when a coordinate range that wherein shows " 1 ", this coordinate range is set to code " 1 ", similarly, and as a coordinate range (20-30 who wherein shows " 5 ", when 40-80) clicked, this coordinate range is set to code " 5 ".Such setting is stored in the internal storage 25.
Fig. 5 has described an example of the coordinate information that received.The information that receives can be an information encrypted, (being " YES " among the step S402) in this case, and the crypto module 24 of input operation part 20 deciphers information encrypted for using (step S403).And on the other hand, when not encrypting, (being " NO " among the S402), the information former state of reception is used.Though in the present embodiment, receive by this way from external unit 50 about the information of the coordinate that requires security, this security requirement information also can be stored in the internal storage 25 of input operation part 20 statically in advance.
Here, the user performs an operation to enter a personal identification number through input part 21 on the screen shown in Fig. 3. The data entered by the user's input operation is notified to input part controller 22 and converted into the corresponding coordinate data. When the coordinates clicked by such an input operation belong to information that does not require security ("YES" in step S404), the coordinate information is notified to control part 30 in the normal way and is subsequently processed by control part 30. Specifically, if for example the user presses coordinates (60, 80), input part controller 22 judges that the pressed coordinates (60, 80) are not within the coordinate range requiring security (numeric character area 21a) shown in Fig. 3, and the coordinate information is notified to control part 30 as is (step S405). Data conversion part 32 in control part 30 converts the coordinate data received by transmission part 31 into the associated data. If the associated data of the clicked position is "cancel" processing ("YES" in step S406), appropriate processing such as ending the input processing itself may be performed (step S407). On the other hand, if the associated data of the clicked position is "retry" or "re-enter" processing ("NO" in step S406), processing such as deleting the data held in internal storage 25 and prompting the user to enter the data again from the beginning may be performed.
When the coordinates of information requiring security are clicked ("NO" in step S404 and "YES" in step S408), a code that separately signals the input operation is notified to control part 30 in place of the coordinate information (step S409). On receiving the notification, control part 30 performs control such that a character or symbol such as " " is displayed in display area 21b of the screen in Fig. 3 to inform the user of the number of digits entered, and at the same time announces the input to the user by a sound or similar means. Data processing part 23 then refers to the information of Fig. 5 stored in internal storage 25, converts the clicked coordinates into the associated data code, and stores the conversion result in internal storage 25. For example, if coordinates (15, 30) are entered by the user, the associated data code "1" is stored in internal storage 25. The processing from step S404 to step S410 is repeated until the user finishes entering the personal identification number ("NO" in step S410).
Once the coordinates of information requiring security have been clicked four times, entry of the personal identification number is taken to be complete ("YES" in step S410). Data processing part 23 edits and blocks the code information in internal storage 25 (step S411); the result is then encrypted by crypto module 24 (step S412) and sent from transmission part 26 to control part 30 (step S413). Note that blocking may be performed so that the codes are assigned to the higher-order digits in the order of input and the digits that were not entered are filled with code "0", for example as an 8-digit block. In this case, data clicked in the order of codes "1", "2", "3" and "4" becomes "12340000".
Of course, this blocking is not essential; the data may instead be encoded, or simply encrypted without any such processing, and the processing is not restricted in any way.
Encryption is performed using a key stored in internal storage 25. The encrypted data is sent through control part 30 to secure external device 50 or security module 40. In this case, control part 30 does not analyze the encrypted data.
Embodiment 3
The basic structure of the information processing apparatus according to the third embodiment is similar to that of the second embodiment shown in Fig. 2. This embodiment uses an example in which an 8-digit membership identification number is entered, and the entered membership identification number is compared and confirmed within input operation part 20 in order to verify whether the number is registered as a member. In this embodiment it is therefore assumed that the comparison data used to compare and confirm the membership identification number entered by the user is stored in advance in internal storage 25, or that encrypted comparison data is received dynamically from external device 50. In addition, in this embodiment multiple patterns are stored in advance in internal storage 25, each comprising coordinate ranges/positions and their associated data, so that the administrator of device 10 can freely select one of these patterns to suit the display screen.
Fig. 6 is a flowchart showing the details of the membership identification number input processing in the third embodiment. First, display control unit 33 of control part 30 in device 10 displays a screen for entering the membership identification number (step S600). Fig. 7(a) is an example of such a screen for entering the membership identification number in this embodiment. Multiple patterns of coordinate ranges and corresponding associated data, like the information shown in Fig. 5, are recorded in advance in internal storage 25. Figs. 7(b), 7(c) and 7(d) are examples of recorded patterns; in this example three patterns have been recorded. In these figures, the shaded portions are the input areas requiring security.
Next, the administrator of device 10 selects, from the recorded patterns (Figs. 7(b), 7(c) and 7(d)), the pattern that best matches the coordinate range information requiring security on the screen of Fig. 7(a), and the designation of coordinate ranges and their associated data codes is set. In this case, for example, pattern 1 in Fig. 7(b) is selected (step S601). For pattern selection, display control unit 33 separately prepares a settings entry screen (not shown) for the administrator, so that the administrator can select a pattern on that entry screen. The designation of coordinate ranges and associated data codes according to the selected pattern is set in the same way as in the second embodiment. Based on this setting, it can be judged whether input coordinates require security, and processing proceeds according to that judgment.
Specifically, the user first performs an operation to enter the membership identification number through input part 21 on the entry screen of Fig. 7(a). The data entered by the user's input operation is notified to input part controller 22 and converted into the corresponding coordinate data. Input part controller 22 judges, according to the above settings, whether the converted coordinate data requires security. When the coordinates clicked belong to information that does not require security ("YES" in step S602), the coordinate information is notified to control part 30 as is in the normal way (step S603) and is processed accordingly. The processing from step S604 to step S605 is the same as in the second embodiment described above, so its description is omitted here.
When the coordinates of information requiring security are clicked ("NO" in step S602 and "YES" in step S606), step S607 is executed. The processing performed in this step is also the same as in the second embodiment: the associated data code corresponding to the clicked coordinates is stored in internal storage 25. The processing from step S602 to step S608 is repeated until the user finishes entering the membership identification number ("NO" in step S608).
When the coordinates of information requiring security have been clicked eight times (here it is assumed, for example, that the membership identification number "DF8-5220" has been entered), data processing part 23 judges whether entry of the membership identification number is complete. When the comparison data exists statically in internal storage 25 (static: "YES" in step S608), the input data is compared in step S609 with the comparison data in internal storage 25. On the other hand, when encrypted comparison data received dynamically is used (dynamic: "YES" in step S608), either a method that decrypts the received encrypted data for comparison (step S610) or a method that encrypts the input data for comparison (step S611) is used. In the method that encrypts the input data, the same key that was used to encrypt the received comparison data is stored in advance in internal storage 25, so that the input data can be encrypted with that same key. Any comparison method may be used, and there is no particular restriction in this respect.
Examples of this comparison processing are given below.
Example 1: using static comparison data stored in the internal storage (step S609)
Input data: DF8-5220
↓ (comparison) > OK
Comparison data: DF8-5220
Example 2: using comparison data that is dynamically received and decrypted (step S610)
Input data: DF8-5220
↓ (comparison) > OK
Decrypted comparison data: DF8-5220
↑ (decryption)
Received comparison data: 23488902213
Example 3: using dynamically received comparison data, but encrypting the input data for the comparison (step S611)
Input data: DF8-5220
↓ (encryption)
Encrypted input data: 23488902213
↓ (comparison) > OK
Received comparison data: 23488902213
The result of the comparison and verification performed in this way is notified to control part 30, or through control part 30 to external device 50 and security module 40 (step S612). Specifically, if a match is confirmed or verified (OK above), a verification success code is sent from transmission part 26 as the transmission data. If not (there is a mismatch), a verification failure code is sent from transmission part 26 as the transmission data. Thus, in this embodiment the input data is processed inside input operation part 20, and only the verification result is notified to the outside.
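The flows of Embodiments 2 and 3 above, as an added example that is not part of the patent text: a Python model of the input operation part that passes non-secure coordinates through, reports a secure touch only as a key event, and on completion either emits the padded, encrypted block or compares the entry internally and reports only the result. The message labels, the zones for "2" to "4", the half-open ranges, the demo key and the HMAC-based `seal`/`unseal` stand-in for crypto module 24 are assumptions of this example.

```python
import hashlib
import hmac
import os

# (x0, x1, y0, y1) -> data code. "1" and "5" use the ranges quoted in the text;
# "2", "3" and "4" are constructed for this example. Ranges are treated as
# half-open so that adjacent keys never overlap (an assumption).
ZONES = {
    (10, 20, 20, 40): "1",
    (20, 30, 20, 40): "2",
    (30, 40, 20, 40): "3",
    (10, 20, 40, 80): "4",
    (20, 30, 40, 80): "5",
}
BLOCK_LENGTH = 8  # 8-digit block, padded with "0" as in step S411


def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Stand-in for crypto module 24 (the text leaves the cipher unspecified).

    HMAC-SHA256 keystream plus an HMAC tag, standard library only. A real
    device would use a vetted authenticated cipher instead.
    """
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    """What external device 50 or security module 40 does with the same key."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class InputUnit:
    """Models input operation part 20; entered codes never leave this object."""

    def __init__(self, zones, key, length, reference=None):
        self._zones = zones
        self._key = key
        self._length = length        # number of secure touches expected
        self._reference = reference  # static comparison data (Embodiment 3)
        self._codes = []             # plays the role of internal storage 25

    def _lookup(self, x, y):
        for (x0, x1, y0, y1), code in self._zones.items():
            if x0 <= x < x1 and y0 <= y < y1:
                return code
        return None

    def touch(self, x, y):
        """Return the messages the control part receives for one touch."""
        code = self._lookup(x, y)
        if code is None:
            return [("COORD", x, y)]      # S405: passed through unchanged
        self._codes.append(code)
        messages = [("KEY_EVENT",)]       # S409: "a key was pressed", no value
        if len(self._codes) == self._length:
            messages.append(self._finish())
        return messages

    def _finish(self):
        entered = "".join(self._codes)
        self._codes.clear()
        if self._reference is not None:   # Embodiment 3: compare inside the unit
            same = hmac.compare_digest(entered.encode(), self._reference.encode())
            return ("VERIFY_OK",) if same else ("VERIFY_FAIL",)
        block = entered.ljust(BLOCK_LENGTH, "0")                # S411
        return ("ENCRYPTED", seal(self._key, block.encode()))   # S412-S413


def enter(unit, touches):
    """Feed a touch sequence and collect everything the control part sees."""
    seen = []
    for x, y in touches:
        seen.extend(unit.touch(x, y))
    return seen


if __name__ == "__main__":
    key = bytes(range(32))  # constructed demo key
    pin_touches = [(15, 30), (60, 80), (25, 30), (35, 30), (15, 60)]
    seen = enter(InputUnit(ZONES, key, 4), pin_touches)
    print(seen[:-1])                  # key events and raw coordinates only
    print(unseal(key, seen[-1][1]))   # only the key holder recovers the block
```

The control part's view is the list returned by `enter`: it can count digits and handle "cancel" or "retry" coordinates, but the digit values appear only inside the sealed block or not at all.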
Embodiment 4
The basic structure of the information processing apparatus according to a fourth embodiment of the present invention is similar to that of the second embodiment shown in Fig. 2. It is also assumed that the example screen display is the same as that shown in Fig. 7(a). This embodiment uses an example in which the administrator of device 10 performs the processing of entering a 16-digit encryption/decryption key, and data encrypted with the entered encryption key is sent.
Fig. 8 is a flowchart showing the details of the encryption key input processing in this embodiment. First, display control unit 33 of control part 30 in device 10 displays a screen for entering an encryption key (step S800). As in the second embodiment, information about the designation of coordinate ranges and their associated data codes is received separately and dynamically from external device 50 (steps S801 to S803).
Also as in the second embodiment, the administrator first performs an operation to enter the encryption key through input part 21 on the entry screen of Fig. 7(a). The flow from the start of the input operation to its end (steps S804 to S810) is the same as in the second embodiment.
When the coordinates of information requiring security have been clicked 16 times (here it is assumed, for example, that the encryption/decryption key "0123456789ABCDEF" has been entered), the entered codes are stored in internal storage 25 by input part controller 22 (step S811). Using the encryption/decryption key stored in this way, crypto module 24 encrypts data stored in internal storage 25, or data received dynamically from external device 50 (step S812). An example of this encryption is described below.
Data in internal storage 25: 402933
(Dynamically received data: 402933)
↓ (encrypted with the input key: 0123456789ABCDEF)
Encrypted data: 9A234DF123102AEF
The encrypted data sent to control part 30 is then sent from control part 30 to secure external device 50 or security module 40 (step S813).
Note that the encryption method itself is outside the scope of the present invention, so a detailed description of it is omitted.
In addition, the encryption/decryption key entered and stored in this embodiment can also be used in all of the preceding embodiments.
As described above, according to the present invention, a device is provided that comprises an input operation part, a control part, a crypto module for encrypting the data entered into the input operation part, and a transmission module for transmitting data to an external device. With this structure, even when the input operation part and the control part cannot be integrated together into an unauthorized or illegal act prevention device, or even when input operation part 2 is physically separated from the equipment requiring security, leakage of identity or personal information can still be prevented, so that security can be protected. The present invention also provides a function for judging whether data entered into the input operation part should be encrypted, so that the control part does not have to perform encryption and decryption on the data received from the input operation part. As a result, the encryption and decryption processing performed in the device can be reduced, which reduces the load on the device. Moreover, even where a conventional device is used, no change is needed on the control part side of the device; the situation can be handled by replacing the input operation part alone. It is therefore possible to reduce the cost of introducing the device of the present invention into an existing device while raising its security to a considerable degree.
Although various embodiments of the present invention have been described above, the present invention is not limited to the specific embodiments referred to above, and it is obvious that changes and modifications can be made without departing from the scope and spirit of the present invention as defined in the appended claims.

Claims (9)

1. An input operation device having an input operation screen, for providing information entered by an operator through said input operation screen to an information processing apparatus connected thereto, said input operation device comprising: a setting section for setting data setting information for converting information about a predetermined coordinate range or position on said input operation screen, and data entered in said predetermined coordinate range or position, into data information related to said coordinate range or position; an encryption judging section for judging whether input data should be encrypted according to whether coordinates pressed on said input operation screen exist in said predetermined coordinate range or position set by said setting section; an encryption section for converting, according to the data setting information set by said setting section, the input data determined by said encryption judging section as data to be encrypted into data information related to said coordinate range or position, and for encrypting the data thus converted using a predetermined key; and a transmission section for transmitting both encrypted data and unencrypted data to said information processing apparatus connected thereto.

2. An information processing apparatus equipped with an input operation section through which an operator enters an input, and a control section for performing prescribed control on said input operation section, wherein said input operation section includes: a comparison section for comparing entered prescribed data with prescribed data retained by said input operation section; and a transmission section for transmitting a comparison result made by said comparison section to said control section; and wherein said control section operates to transmit the received comparison result to other equipment.

3. An information processing apparatus equipped with an input operation section through which an operator enters an input, and a control section for performing prescribed control on said input operation section, wherein said input operation section includes: a detection section for detecting an input operation that enters prescribed data; an encryption section for encrypting the prescribed data; and a transmission section for transmitting the detection result of said detection section and the data encrypted by said encryption section to said control section; and wherein said control section controls the input operation section according to the received detection result and transmits the received encrypted data to equipment having a decryption function.

4. The information processing apparatus according to claim 2, wherein said input operation section includes a comparison discrimination section for discriminating, from the data entered from said input operation section, the data that should be compared by said comparison section, and said comparison section performs a comparison on the data discriminated by said comparison discrimination section.

5. The information processing apparatus according to claim 2, wherein the prescribed data retained by said input operation section is stored in a memory in said input operation section.

6. The information processing apparatus according to claim 2, wherein the prescribed data retained by said input operation section is based on data that is received from external equipment and has been encrypted.

7. The information processing apparatus according to claim 6, wherein said information processing apparatus includes a decryption section for decrypting said encrypted data.

8. The information processing apparatus according to claim 6 or 7, wherein said input operation section includes an encryption section for encrypting the data entered from said input operation section using a common key, said data received from said external equipment having been encrypted with that common key, and said comparison section performs a comparison between these encrypted data.

9. The information processing apparatus according to claim 4, wherein said input operation section has an input operation screen, and the data discriminated by said comparison discrimination section and subjected to the comparison processing by said comparison section is entered in at least one of a predetermined coordinate range and a predetermined coordinate position on said input operation screen, and is related to said coordinate range or position.
CNA2007100057298A 2001-08-24 2002-01-15 Information processing device and input operation device Pending CN101008969A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2001254509A JP4064647B2 (en) 2001-08-24 2001-08-24 Information processing apparatus and input operation apparatus
JP254509/2001 2001-08-24

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CNB021020124A Division CN1306747C (en) 2001-08-24 2002-01-15 Information processing device and input operating device

Publications (1)

Publication Number Publication Date
CN101008969A true CN101008969A (en) 2007-08-01

Family

ID=19082665

Family Applications (2)

Application Number Title Priority Date Filing Date
CNA2007100057298A Pending CN101008969A (en) 2001-08-24 2002-01-15 Information processing device and input operation device
CNB021020124A Expired - Fee Related CN1306747C (en) 2001-08-24 2002-01-15 Information processing device and input operating device

Family Applications After (1)

Application Number Title Priority Date Filing Date
CNB021020124A Expired - Fee Related CN1306747C (en) 2001-08-24 2002-01-15 Information processing device and input operating device

Country Status (5)

Country Link
US (1) US7043639B2 (en)
EP (1) EP1288874A3 (en)
JP (1) JP4064647B2 (en)
KR (1) KR100769810B1 (en)
CN (2) CN101008969A (en)

Also Published As

Publication number Publication date
KR100769810B1 (en) 2007-10-23
US7043639B2 (en) 2006-05-09
CN1402461A (en) 2003-03-12
JP4064647B2 (en) 2008-03-19
KR20030017298A (en) 2003-03-03
EP1288874A2 (en) 2003-03-05
US20030044013A1 (en) 2003-03-06
CN1306747C (en) 2007-03-21
JP2003067337A (en) 2003-03-07
EP1288874A3 (en) 2004-10-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20070801